On 9/1/2010 7:01 PM, Julio Biason wrote:
That's the whole problem with it. Yes, one could simply strings(1) one
Mac app and probably retrieve the keys and spam the hell of Twitter
with it. For the spammer, it doesn't matter if the key is revoked as
he could just get another one; the real problem appears to legit users
that follow all the guildelines and really contribute for the system.

So for the spammer in the choice between:

1. reverse engineering a consumer key combo from a legit program, creating user accounts and generating tokens, spamming it until it's locked out, tracking down another legit program, reverse engineering it, lathering, rinsing, and repeating


2.  generating his own consumer keys through twitter and using those.

the spammer's going to take #1. Somehow, I would think that #2 would be a whole lot easier. Besides, whether or not you think it's safer I seriously doubt that Twitter is thinking that oAuth is the only security measure.

Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 

Reply via email to